ARTICLE
2 September 2025

On-Chain And Enforceable: The SCA's Tokenization Framework

TLP Advisors

Contributor

TLP Advisors logo
At TLP Advisors, we are a dynamic and forward-thinking consulting, strategy, and law firm specialising in providing cutting-edge solutions to our diverse clientele. With our roots deeply embedded in the financial services, gaming, Web3, and emerging tech sectors, we offer unparalleled knowledge and provide tailored support to these rapidly evolving industries' unique challenges and opportunities. TLP Advisors has consistently been the firm of choice for L1 chains, funds, DeFi protocols, gaming companies, fintech and payment companies, foundations, and investors. We have built a reputation for excellence through our frequent collaborations with regulators, funds, and technology incubators.
Explore Firm Details
The regulation applies strictly to tokenised securities and derivatives, excluding most virtual assets and real-world assets (RWAs) unless structured as securities.
United Arab Emirates Technology
Harshil Agarwal,Pankhuri Malhotra,Areeb Ahmad
+1 Authors
 Your Author LinkedIn Connections

KEY TAKEAWAYS

  • The regulation applies strictly to tokenised securities and derivatives, excluding most virtual assets and real-world assets (RWAs) unless structured as securities.
  • Token rights must be formally recorded and exercised on a distributed ledger technology (DLT) under a Registration Agreement, making enforceability dependent on on-chain recognition.
  • A clear differentiation between permissioned and permissionless DLT systems assigns liability based on the issuer's level of control over the blockchain infrastructure.
  • Over-the-counter (OTC) trading is allowed but restricted to licensed custodial wallets or pre-approved self-custodial wallets, ensuring compliance with AML/CFT standards.
  • Custodians, exchanges, and Digital Wallet Service Providers must obtain SCA licenses and comply with heightened governance, audit, and operational standards.
  • Enforceability of rights, whitelisting of wallets, audit requirements, and token replacement mechanisms reinforce investor confidence and mitigate risks.

INTRODUCTION

The Securities and Commodities Authority (SCA) in the UAE has taken a significant step toward shaping the future of tokenisation by issuing the Security and Commodity Token Contract Regulation.1 This landmark regulation not only consolidates the legal status of blockchain-based securities and derivatives but also ensures that innovation in tokenisation operates within a clear, enforceable legal framework. By applying a technology-neutral approach, the SCA places tokenised securities and commodity contracts firmly within its jurisdiction, aligning distributed ledger-based instruments with the UAE's established financial regulatory regime. At the same time, it draws important distinctions between securities, derivatives, and virtual assets to avoid overreach while strengthening investor protections.

SCOPE OF THE REGULATION

SCA's regulations focus on two categories of tokenised instruments: Security Tokens2, and Commodity Token Contract.3 Security Tokens include tokenised shares, bonds, sukuk, and structured notes, while Commodity Token Contracts cover on-chain derivatives such as futures and options linked to commodities, provided that issuance, execution, and transfer take place entirely on-chain. Importantly, the SCA applies the same regulatory standards to these tokens as it does to their traditional paper or electronic counterparts. In other words, the legal nature of the financial instrument and not the technology used ,determines whether SCA rules apply.

By contrast, tokens that represent real-world assets (RWAs), such as gold or real estate, generally fall outside the SCA's remit unless the token itself qualifies as a security (e.g., a share in a real estate investment fund).4 Similarly, Virtual Asset Tokens that do not meet the definition of a security or derivative are excluded from scope. This approach is designed to avoid regulatory overreach. For example, a token giving direct ownership of a painting would not be covered. However, if that token represents ownership in a security, such as shares of a fund that owns paintings, it may qualify as a regulated Security Token. Tokens that simply denote direct ownership of a commodity, without any contractual or securities structure, may also fall outside the SCA's jurisdiction and instead be overseen by other authorities.

A central feature of the framework is that Security Tokens and Commodity Token Contracts are only regulated if the rights attached to them are formally registered on a Distributed Ledger under a Registration Agreement. Those rights must also be exercisable and transferable exclusively via the distributed ledger. This represents a key policy shift: legal rights must now be formally recorded on-chain and not merely represented by a token.

In essence, the SCA framework makes clear that classification depends on the rights embedded within the token. Mere representation or digital ownership is insufficient; only tokens that embody enforceable contractual or securities obligations on-chain fall within the regime.

KEY IMPACTS OF THE REGULATIONS

Permission Blockchain vs. Permissionless Blockchains

The regulations recognize both permissioned (authorized-participant) and permissionless (public/blockchain) DLT structures.5 It distinguishes between permissioned and permissionless distributed ledger technologies (DLTs), by assigning responsibility in line with how much control an issuer has over the system6 :

For permissionless DLT (e.g., Ethereum): the issuer (obligor) bears broad responsibility for compliance and technical standards, since no central party can be held accountable for the infrastructure.

For permissioned DLT (e.g., Hyperledger): responsibility does not automatically fall on the issuer. Instead, liability may rest with the system operator or another party explicitly assigned through contractual arrangements. This reflects the practical reality that permissioned platforms are governed by identifiable entities.

In both cases, issuers must verify that the system meets required standards. Additionally, they are required to disclose the governance structure, contractual arrangements, and allocation of risks related to platform operations and technical failures.

Why it matters: Aligns liability with actual control over blockchain infrastructure, preventing issuers from avoiding responsibility on open chains while allowing flexibility on governed networks.

Expanded OTC (Over The Counter) exception

The final regulations significantly broaden the scope of OTC trading. Previously limited to bonds and sukuk tokens, the framework now permits any Security Token or Commodity Token to be traded OTC but only under strict conditions as discussed in our previous article. The final regulations greatly expand this by allowing any Security Token or Commodity Token to trade OTC, but only under strict conditions.

Permitted channels: Transfers must occur through Digital Wallets provided by licensed service providers.7

Self-custodial wallets: These are allowed, but only if they appear on a pre-approved Whitelist maintained by issuers or authorised intermediaries.8

This framework ensures strong AML/CFT compliance by explicitly identifying all OTC participants. It also formalises the distinction between custodial (licensed third-party controlled) and non-custodial (self-managed) wallets, bringing greater transparency and accountability to OTC markets.

Why it matters: Expands market access while maintaining AML/CFT safeguards, ensuring transparency in both custodial and self-custodial OTC transactions.

Obligation of registration agreement on the issuers of Security and Commodity Tokens

Issuers now face a significantly elevated compliance which mandates a well-defined registration agreement recorded on a Distributed Ledger. The agreement must clearly define legal relationships between parties and include conditions for registration, transfer, and retention. To that end, issuers must establish: 9

  • A DLT system where rights are exercisable only through the ledger (even the choice of DLT system now affects liability);
  • Organisational and governance frameworks (auditable and transparent)10; and
  • Independent audit mechanisms to maintain ledger integrity and legal enforceability.

Additionally, issuers must manage whitelists for self-custodial wallets, ensure tokens are not misclassified as "virtual assets," and guarantee ledger settlement within 24 hours to maintain legal enforceability11.

Why it matters: Embeds legal enforceability directly into blockchain systems, raising compliance standards and reducing risks of asset misclassification or settlement failures.

Investor Protections

The regulations introduce explicit safeguards to ensure that token holders' rights are legally enforceable, but only when full compliance conditions are met. Key protections include:12

  • Wallet requirements: Only investors transacting through licensed custodial wallets or whitelisted self-custodial wallets qualify for protection.
  • Token pledging: Tokens can be legally pledged without transfer as long as the pledge is recorded on the ledger.
  • Loss or replacement: A court-recognised process is established for replacing lost or inaccessible tokens, ensuring continuity of investor rights.13

Case Study: Tokenised Stock Offerings via SPVs

Platforms such as Robinhood, Kraken, and Gemini have launched tokenised stock products where tokens represent derivative claims on an offshore SPV rather than direct ownership in the underlying company.14 In these models, investors gain synthetic exposure to equities but are not actual shareholders, meaning they lack voting rights, dividend entitlements, and governance participation. This has drawn increasing regulatory scrutiny and even distancing statements from firms like Open AI regarding Robinhood's tokenised stock products. Such SPV-based schemes often exploit gaps by offering 24/7 trading and fractional access while avoiding direct securities regulation and conventional investor protections. The UAE framework preempts these risks by mandating enforceable registration agreements for all tokenised offerings, whether tied directly to equity or structured through SPVs, and by requiring that all token-holder rights be formally recorded on-chain. Investor protections such as audited governance, transparent settlement, and enforceable legal rights are built into the regulations, ensuring that even fractional or indirect tokenised securities cannot escape oversight if marketed as equity. By embedding enforceability, clarity of title, and robust governance obligations, the UAE regime closes loopholes exploited by offshore tokenised equity schemes and reinforces trust in tokenised capital markets.

CONCLUSION

The SCA's tokenisation framework sets a new benchmark by requiring rights to be formally recorded and exercised on-chain, making enforceability a core principle rather than an afterthought. By narrowing its scope to genuine securities and derivatives, distinguishing between permissioned and permissionless blockchains, and embedding compliance through registration agreements, governance, and audit standards, the regime balances innovation with accountability. Investor protections such as wallet whitelisting, enforceable pledges, and recovery mechanisms, further strengthen market confidence. Importantly, the rules also close loopholes exploited by offshore SPV-based stock token models, ensuring that only transparent, legally robust offerings reach investors. Together, these measures position the UAE as a leader in developing a trusted, resilient, and forward-looking tokenised capital market.

Footnotes

1 Chairman of the Authority's Board of Directors' Resolution No. (15/Chairman) of 2025.

2 As per Article 2, SCA's Regulations on Security Tokens and Commodity Tokens Contracts, "Security Tokens" mean "a Security the rights attaching to which are registered in a Distributed Ledger in accordance with the Registration Agreement and may be exercised and transferred to others through a distributed ledger."

3 As per Article 2, SCA's Regulations on Security Tokens and Commodity Tokens Contracts, "Commodity Token Contract" means "A Commodity Contract the rights to which are registered in a distributed ledger in accordance with the Registration Agreement and may be exercised and transferred to others through the Distributed Ledger."

4 Article 4(3) of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

5 Ibid

6 Article 11 (1) of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

7 Article 12(2) of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

8 Article 12(3) of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts

9 Article 1 of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

10 Article 5(3) of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

11 Article 7 of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

12 Ibid.

13 Article 9 of the SCA's Regulations on Security Tokens and Commodity Tokens Contracts.

14 'Tokenised Stocks Are Here, but Do They Really Bring Added Value over CFDs?' (Financial and Business News | Finance Magnates, 1 July 2025) https://www.financemagnates.com/forex/tokenised-stocks-are-here-but-do-they-really-bring-added-value-over-cfds/ accessed 7 July 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Harshil Agarwal
Photo of Pankhuri Malhotra
Pankhuri Malhotra
Photo of Soham Jethani
Soham Jethani
Photo of Areeb Ahmad
Areeb Ahmad
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More